Sorry, but that isn't entirely accurate. The issue is that an application is deserializing arbitrary objects from untrusted sources. The foxglove article also overstates how frequently object serialization is used; it was largely replaced by XML and later JSON.
Hard work never killed anybody, but why take a chance? -- Charlie McCarthy
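
To illustrate the distinction drawn in the comment above, here is an added example (not part of the original comment or the foxglove article), assuming Java's built-in object serialization: it restricts deserialization to an allowlist with `ObjectInputFilter` (Java 9+) instead of accepting arbitrary classes. The names `FilteredDeserialization`, `Greeting` and `readUntrusted` are hypothetical.

```java
import java.io.*;

public class FilteredDeserialization {
    // Hypothetical application type that is expected on the wire.
    static class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Greeting(String text) { this.text = text; }
    }

    // Constructed sample input: stands in for bytes received from a peer.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Only Greeting (and String) may be instantiated; "!*" rejects every
    // other class before its readObject logic can run. The limits bound
    // the size and shape of the object graph.
    static Object readUntrusted(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter allowlist = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxrefs=50;maxbytes=4096;"
            + "FilteredDeserialization$Greeting;java.lang.String;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(allowlist);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Greeting g = (Greeting) readUntrusted(serialize(new Greeting("hello")));
        System.out.println("accepted: " + g.text);

        // java.util.Date is harmless, but it is not on the allowlist.
        try {
            readUntrusted(serialize(new java.util.Date(0L)));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter has to be set before the first `readObject()` call on the stream; a rejected class surfaces as an `InvalidClassException`.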